Cloud-Based IAM Modernization Consultant -Rockville MD
Description:
Job Description
Cloud-Based IAM Modernization and Oracle Integration Consultant – Hybrid Rockville MD
About us
Creative Information Technology Inc (CITI) is an esteemed IT enterprise renowned for its exceptional customer service and innovation. We serve both government and commercial sectors, offering a range of solutions such as Healthcare IT, Human Services, Identity Credentialing, Cloud Computing, and Big Data Analytics. With clients in the US and abroad, we hold key contract vehicles including GSA IT Schedule 70, NIH CIO-SP3, GSA Alliant, and DHS-Eagle II.
Join us in driving growth and seizing new business opportunities.
Role and Responsibilities
The Office of Strategic Partnership (OSP) is responsible for modernizing its Identity and Access Management (IAM) system by migrating to a cloud-based platform. This includes integrating the legacy Oracle Echo system with Microsoft Azure Entra ID and Azure B2C. We are seeking consultant with a proven track record in enterprise IAM implementations and secure cloud integrations.
Objectives:
Design and implement OCI IAM, Microsoft Entra, and Azure B2C–based SSO for Oracle EBS, OAS, PeopleSoft, Oracle Learning Management (OLM), and other Oracle workloads.
Enable seamless authentication for internal users (employees), external users, and contractors.
Architect and document a secure DMZ access pattern to protect on-premises resources while allowing selective inbound connections.
Ensure end-to-end security, high availability, and compliance with industry best practices.
Minimum Qualification
Define logical SSO flow between internal users, Entra ID, OCI IAM, and Oracle apps for internal users
Define logical SSO flow between external users, Azure B2C, OCI IAM, and Oracle apps for external users
Configure Microsoft Entra as an SAML/OIDC identity provider for Oracle applications
Configure OCI IAM identity providers and federation with Entra ID
Configure Azure B2C as an SAML/OIDC identity provider for Oracle applications
Design DMZ zoning: reverse proxy, firewalls, and application gateways
Deploy and configure DMZ components
Define access policies, attribute mappings, and claim rules
Perform functional, security (penetration/vulnerability), and performance testing
Conduct user acceptance testing with internal and external stakeholder groups
Produce end-to-end security architecture diagrams and DMZ access patterns
Document configuration steps, policy definitions, and operational runbooks
Deliver a knowledge-transfer workshop and train-the-trainer sessions
Work with the Operations team for production migration
Deliverables:
Solution Design Package: Includes high-level architecture diagrams, detailed SSO and federation flowcharts, DMZ zone definitions, firewall rule sets, and a working prototype.
Implementation Artifacts: Covers configurations for Entra ID, Azure B2C, and OCI IAM.
Test Reports: Includes functional and integration test cases with results, as well as security scan reports.
Operational Documentation: Comprises system configuration guides, access management runbooks, and troubleshooting guides.
Knowledge Transfer: Provides training to the operational team, including Q&A sessions and a support plan.
Teams Expertise Requirement:
Extensive experience with OCI IAM, Microsoft Entra ID, Azure B2C, and SAML/OIDC protocols.
Strong expertise in DMZ design, firewall configurations, and application gateway setup.
Proficient in conducting penetration testing and vulnerability assessments.
Skilled in technical writing and training, with the ability to document and transfer knowledge effectively.
Acceptance Criteria:
Successful SSO login for all defined user personas without manual intervention.
DMZ enforces least-privilege access, passing only necessary traffic.
All test cases pass with documented outcomes.
Documentation reviewed and approved by the client security team.
Knowledge transfer session delivered, and the client can independently manage the solution.